{
  "schema_version": "1.4.0",
  "id": "GHSA-w3vp-jw9m-f9pm",
  "modified": "2023-12-13T13:34:55Z",
  "published": "2023-12-13T13:34:55Z",
  "aliases": [
    "CVE-2023-6193"
  ],
  "summary": "Unbounded queuing of path validation messages in cloudflare-quiche",
  "details": "### Impact\nquiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption.\n\nQUIC path validation ([RFC 9000 Section 8.2](https://datatracker.ietf.org/doc/html/rfc9000#section-8.2)) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_RESPONSE frames can only be sent at the slower rate than they are received, leading to storage of path validation data in an unbounded queue.\n\n### Patches\nQuiche versions greater than 0.19.0 address this problem.\n\n### References\n[CVE-2023-6193](https://www.cve.org/CVERecord?id=CVE-2023-6193)\n[RFC 9000 Section 8.2](https://datatracker.ietf.org/doc/html/rfc9000#section-8.2)",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "quiche"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0.15.0"
            },
            {
              "fixed": "0.19.1"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/quiche/security/advisories/GHSA-w3vp-jw9m-f9pm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6193"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/quiche/commit/ea7ecf39ae28ab24cf1785c1674dc2e8a076f9ca"
    },
    {
      "type": "WEB",
      "url": "https://datatracker.ietf.org/doc/html/rfc9000#section-8.2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cloudflare/quiche"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-13T13:34:55Z",
    "nvd_published_at": "2023-12-12T14:15:07Z"
  }
}